local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions
934 commits 13 branches 0 tags 7.9 MiB
Commit graph

934 commits

This branch
This branch
All branches
Author SHA1 Message Date
Moritz
e72b7ab2e8
Remove NoActor bypass from User and Member policies 
This removes the NoActor bypass that was masking authorization bugs in tests.
All operations now require an explicit actor for authorization.
 2026-01-24 02:12:31 +01:00
simon
b6992f8488 Merge pull request 'Add boolean custom field filters to member overview closes #309' (#362) from feature/filter-boolean-custom-fields into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #362
 2026-01-23 14:53:05 +01:00
Simon
1b44730b95
Fix: Ensure members are loaded in handle_params when signature unchanged
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-23 14:48:37 +01:00
Simon
672b4a8250
Merge branch 'main' into feature/filter-boolean-custom-fields
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:41:48 +01:00
Simon
20c96123e1
fix: failing test
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:33:54 +01:00
Simon
1d46fd1baf
feat: improve filter performance by reducing Ash.read! calls
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-23 14:22:57 +01:00
Simon
b4657cae23
fix: resolve pr remarks 2026-01-23 14:00:18 +01:00
Moritz
c98ad4085a
docs: add authorization bootstrap patterns section
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Document the three authorization bypass mechanisms and when to use each:
- NoActor (test-only bypass)
- system_actor (systemic operations)
- authorize?: false (bootstrap scenarios)
 2026-01-23 02:53:20 +01:00
Moritz
41e342a1d6 Fix OIDC account linking by using SystemActor in LinkOidcAccountLive
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add SystemActor to all Ash operations in LinkOidcAccountLive
- Enables user lookup, reload, and oidc_id linking during OIDC flow
- User is not yet logged in during linking, so SystemActor provides authorization
 2026-01-23 02:14:59 +01:00
Moritz
bad4e5ca7c Fix OIDC login by using SystemActor in OidcEmailCollision validation 
- Add SystemActor to Ash.read_one() calls in OidcEmailCollision validation
- Prevents authorization failures during OIDC registration when no actor is logged in
- Enables proper email collision detection and account linking flow
 2026-01-23 02:12:53 +01:00
Moritz
079d270768 Fix authorization bypass in seeds and validations
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Add authorize?: false to all bootstrap operations in seeds.exs
- Fix user-linking validation to respect authorize? context flag
- Prevents authorization errors during initial setup when no actor exists yet
 2026-01-23 02:08:11 +01:00
moritz
67b5d623cf Merge pull request 'User Resource Policies closes #363' (#364) from feature/363_user_policies into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #364
 2026-01-22 23:24:36 +01:00
Moritz
427608578f Restrict Actor.ensure_loaded to Mv.Accounts.User only
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Pattern match on %Mv.Accounts.User{} instead of generic actor.
Clearer intention, prevents accidental authorization bypasses.
Non-User actors are returned as-is (no-op).
 2026-01-22 23:17:55 +01:00
Moritz
d114554d52 Fix remaining runtime guard references in CODE_GUIDELINES 
Remove mentions of runtime guards - only compile-time config is used.
Clarify that production safety comes from config defaults.
 2026-01-22 23:12:33 +01:00
Moritz
f32324d942 Update CODE_GUIDELINES for Application.compile_env pattern
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Replace Mix.env example with config-based approach.
Remove outdated runtime guard documentation.
 2026-01-22 23:05:00 +01:00
Moritz
f6096e194f Remove skipped get_by_subject test, add explanation 
Test removed - JWT flow tested via AshAuthentication integration.
Direct test would require JWT mocking without value.
 2026-01-22 23:04:58 +01:00
Moritz
f3abade7ad Add authorize?: false to Actor.ensure_loaded 
SECURITY: Skip authorization for role loading to avoid circular dependency.
Actor loads their OWN role, needed for authorization itself.
Documented why this is safe.
 2026-01-22 23:04:56 +01:00
Moritz
e60bb6926f Remove unused PolicyHelpers macro and PolicyConsistency test
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Dead code - macro was never used in codebase.
PolicyConsistency test will be replaced with better implementation.
 2026-01-22 22:37:09 +01:00
Moritz
f2def20fce Add centralized Actor.ensure_loaded helper 
Consolidate role loading logic from HasPermission and LiveHelpers.
Use Ash.Resource.Info.resource? for reliable Ash detection.
 2026-01-22 22:37:07 +01:00
Moritz
05c71132e4 Replace NoActor runtime Mix.env with compile-time config 
Use Application.compile_env for release-safety.
Config only set in test.exs (defaults to false).
 2026-01-22 22:37:04 +01:00
Moritz
811a276d92 Update documentation for User credentials strategy
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Clarify that User.update :own is handled by HasPermission.
Fix file path references from lib/mv/accounts to lib/accounts.
 2026-01-22 21:36:22 +01:00
Moritz
d97f6f4004 Add policy consistency tests 
Enforce User.update :own across all permission sets.
Verify READ bypass + UPDATE HasPermission pattern.
 2026-01-22 21:36:19 +01:00
Moritz
a834bdc4ff Add PolicyHelpers macro for standard user policies 
Encapsulate two-tier policy pattern (bypass + HasPermission).
Promote consistency across resource policy definitions.
 2026-01-22 21:36:18 +01:00
Moritz
7d0f5fde86 Replace for comprehension with explicit describe blocks 
Fix Credo parsing error by removing for comprehension.
Duplicate tests for own_data, read_only, normal_user sets.
 2026-01-22 21:36:16 +01:00
Moritz
47c938cc50 Centralize role preloading in global LiveView on_mount 
Add ensure_user_role_loaded to global live_view quote block.
Remove redundant on_mount calls from individual LiveViews.
 2026-01-22 21:36:15 +01:00
Moritz
797452a76e Shorten User policy comments to state what only 
Move why explanations to documentation files.
Keep policy comments concise and focused.
 2026-01-22 21:36:12 +01:00
Moritz
f1e6a1e9db Clarify User.update :own in permission sets 
Add explicit comments explaining why all permission sets
grant User.update with scope :own for password changes.
 2026-01-22 21:36:11 +01:00
Moritz
56144a7696 Add role loading fallback to HasPermission check 
Extract ash_resource? helper to reduce nesting depth.
Add ensure_role_loaded fallback for unloaded actor roles.
 2026-01-22 21:36:10 +01:00
Moritz
93216f3ee6 Harden NoActor check with runtime environment guard 
Add Mix.env() check to match?/3 for defense in depth.
Document NoActor pattern in CODE_GUIDELINES.md.
 2026-01-22 21:36:09 +01:00
Moritz
5506b5b2dc docs(auth): document User policies and bypass pattern
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Add bypass vs HasPermission pattern documentation
Update architecture and implementation plan docs
 2026-01-22 19:19:27 +01:00
Moritz
63d8c4668d test(auth): add User policies test suite 
31 tests covering all 4 permission sets and bypass scenarios
Update HasPermission tests to expect false for scope :own without record
 2026-01-22 19:19:25 +01:00
Moritz
429042cbba feat(auth): add User resource authorization policies 
Implement bypass for READ + HasPermission for UPDATE pattern
Extend HasPermission check to support User resource scope :own
 2026-01-22 19:19:22 +01:00
moritz
a9f9cab96a Merge pull request 'System Actor Mode for Systemic Flows closes #348' (#361) from feature/348_system_actor into main
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Reviewed-on: #361
 2026-01-21 08:36:39 +01:00
Moritz
d07f1984cd Move require Logger to module level
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Move require Logger statements from function/case level to module level
for better code organization and consistency with Elixir best practices
 2026-01-21 08:35:34 +01:00
Moritz
1c5bd04661
Update gettext translations for new UI strings
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-21 08:09:34 +01:00
Moritz
b0ddf99117 Add admin authorization check for regenerate cycles button 
Restrict UI access to cycle regeneration to administrators only
to prevent policy bypass via user interface
 2026-01-21 08:02:38 +01:00
Moritz
ea399612be Make system actor email configurable via SYSTEM_ACTOR_EMAIL 
Allow system user email to be configured via environment variable
with fallback to default 'system@mila.local'
 2026-01-21 08:02:35 +01:00
Moritz
7e9de8e95b Add logging for fail-open email uniqueness validations 
Log warnings when query errors occur in email uniqueness checks
to improve visibility of data integrity issues
 2026-01-21 08:02:33 +01:00
Moritz
5c3657fed1 Use SystemActor opts for cycle deletion operations 
Pass actor_opts to delete_cycles/1 to ensure proper authorization
when MembershipFeeCycle policies are enforced
 2026-01-21 08:02:32 +01:00
Moritz
006b1aaf06 Replace Mix.env() with Config.sql_sandbox?() in SystemActor 
Use Application config instead of Mix.env() to prevent
runtime crashes in production releases where Mix is not available
 2026-01-21 08:02:31 +01:00
Simon
a92f503752
fix: credo warning
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-21 01:24:43 +01:00
Simon
4b67039a78
test: add more filter component tests
Some checks failed
continuous-integration/drone/push Build is failing
Details
2026-01-21 01:14:26 +01:00
Simon
f996aee6b2
feat: add new filter component to members view
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-01-21 00:47:01 +01:00
Moritz
5eadd5f090 Refactor test setup into helper functions
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Extract setup code into reusable helper functions to reduce
duplication and improve maintainability.
 2026-01-20 23:16:40 +01:00
Moritz
c5bd58e7d3 Add @spec type annotations to SystemActor functions 
Add type specifications for all private functions to improve
static analysis with Dialyzer and documentation quality.
 2026-01-20 23:16:39 +01:00
Moritz
a3cf8571ff Document System Actor pattern in code guidelines 
Add section explaining when and how to use system actor for systemic operations.
Include examples and distinction between user mode and system mode.
 2026-01-20 22:10:11 +01:00
Moritz
f1bb6a0f9a Add tests for System Actor helper 
Test system actor retrieval, caching, fallback behavior,
and auto-creation in test environment.
 2026-01-20 22:09:21 +01:00
Moritz
c64b74588f Use system actor for cycle generation 
Update cycle generator, member hooks, and job to use system actor.
Remove actor parameters as cycle generation is a mandatory side effect.
 2026-01-20 22:09:20 +01:00
Moritz
f0169c95b7 Use system actor for email uniqueness validation 
Update email validation modules to use system actor for queries.
This ensures data integrity checks always run regardless of user permissions.
 2026-01-20 22:09:19 +01:00
Moritz
8acd92e8d4 Use system actor for email synchronization 
Update email sync loader and changes to use system actor instead of user actor.
This ensures email sync always works regardless of user permissions.
 2026-01-20 22:09:18 +01:00